Wallet ecosystems as a funding and governance pivot: governing fee migration into priced trust transactions
- Ott Sarv
- Feb 6
- 7 min read
Paper-era fees do not disappear. They migrate.
When attestations and trust operations become machine-consumable, the fee logic moves from paper artefacts to transaction-grade operations. Those operations get priced in procurement, recovered through relying-party and service-provider pass-through, and mirrored in public offices through revised statutory fee schedules. The question is not whether charging exists. The question is whether charging funds lawful capability or merely monetises friction.
The Seven Layer Model’s discipline, stated as law before code, makes the fiscal point simple: if the digital act carries legal effect, the state must remain able to compel evidence, order correction, and reverse outcomes. If that is not operable, the fee is rent, not capability.
DPI, DPF, and DPS is the financial map
The taxonomy of DPI, DPF, DPS is directly usable as a budgeting structure. It separates baseline rails from priced public functions and from front-end service journeys.
Acr. | What becomes the cost centre when wallet and exchange ecosystems scale |
DPI | Evidence-grade event records, correction and revocation reach, resilience, continuity, and interoperable semantics across sectors |
DPF | Lifecycle operations that become priced objects: consent lifecycle management, attestation lifecycle management, identification, authentication, and signature lifecycle operations |
DPS | Orchestration and accountability surfaces: receipts, timelines, contestation routes, and exception routing into DPF-backed remedy |
This is why platform-era funding instincts fail. DPS looks cheaper and faster. DPI and DPF become more expensive and more legally load-bearing.
Three governance bases for data movement, executed through multiple channels
A wallet is use case agnostic. It can front many use cases as a natural-person-facing interaction surface. Consent is not a channel. Consent is a governed component that may be invoked within any use case where the legal basis expects natural-person control.
Data movement can be executed through multiple channels, including wallet-mediated exchanges, data exchange platforms, and direct APIs. What matters for governance and pricing is the control surface, not the transport path. The enforcement posture captured by mandate gating remains the stabiliser for law-authorised disclosures, regardless of channel.
Governance basis | What controls the transfer and what must be proven |
Consent-governed | Natural-person control over disclosure is expected. Consent state, scope, withdrawal semantics, and evidence at time of reliance must be operable and reconstructable |
Law-authorised | Legal authority and institutional mandate control the transfer, with purpose, proportionality, accountability, and remedy as constraints, and denials treated as governance outcomes |
Contractual | Contract controls the transfer through enforceable obligations, including permitted purposes, retention, onward disclosure limits, audit rights, liability allocation, and breach handling |
This separation matters for pricing. The priced unit must follow the control surface and its evidence and remedy duties, not the UI component and not the network route.
The charging rule that makes fee migration governable
Only charge for trust transactions that are attributable, auditable, and reversible.
This rule is the operational form of what the site calls guidance without enforcement: principles are not enough when disputes arrive and reversals must propagate.
Legitimacy test | What must be true before charging is defensible |
Attributable | A competent institution is accountable for the outcome, has decision rights, and can be compelled to act |
Auditable | Evidence-grade records exist that can be reconstructed without manual forensics or discretionary cooperation |
Reversible | Oversight can suspend effect, correct authoritative state, and propagate reversals to relying parties and downstream systems |
This rule does not ban per-use fees. It bans per-use fees that purchase no enforceable capability.
How paper-era fees migrate into priced trust transactions
Your observed pattern is the dominant one: fees once paid for paper attestations are now paid by relying parties and encoded into their service charges, and public offices often adopt the same logic through state-fee adjustments.
Paper-era fee behaviour | Ecosystem-era equivalent |
Natural person pays for paper attestations, certified copies, extracts | Relying party pays for attestation lifecycle events, with pass-through into service charges and, where government is issuer, into statutory state fees for high-assurance events |
Counter checks and repeated manual verification | Priced identification and authentication events, especially binding, step-up, recovery, and exception handling |
Fragmented agency charging points | Standardised transaction classes in procurement and statutory schedules, otherwise fragmentation becomes inflation |
The governance task is to define transaction classes that reflect lawful capability, then refuse to price anything that fails the attributable, auditable, reversible test.
DPF lifecycles that become priced objects, independent of channel
Consent lifecycle management and attestation lifecycle management are ongoing public functions that carry cost, risk, and legal consequence. They must operate regardless of whether a use case is fronted by a wallet or executed through a data exchange platform or direct APIs.
DPF lifecycle | What the priced unit must actually buy |
Consent lifecycle management | Evidence of scope at time of reliance, enforceable withdrawal semantics, propagation to relying parties where applicable, and inspection-ready logs aligned with the Friday Test |
Attestation lifecycle management | Accountable issuer and correction authority, auditable issuance and updates, enforceable suspension and revocation reach, correction propagation across relying parties |
Identification lifecycle | Accountable assurance decisions, auditable evidence sets and decision traces, reversible outcomes for mis-binding and error cases |
Authentication lifecycle | Accountable binding and recovery authority, auditable step-up and compromise handling records, reversible access effects under oversight |
Signature lifecycle | Accountable trust governance, auditable validation and evidence preservation, reversible trust state through status and revocation operations |
This is the practical meaning of the funding pivot: priced trust transactions are priced DPF lifecycle events, not paid clicks.
Procurement is where the priced unit is either governed or lost
In this article, Request for Proposal means a formal procurement document used to define scope, obligations, and pricing units.
If government does not define the priced unit, suppliers will. That outcome is predictable in networked ecosystems where pricing power concentrates around transaction surfaces, explained in university-level work on two-sided markets such as platform competition in two-sided markets and in network economics treatments such as Networks: An Economics Approach.
RFP trust transaction class | What the RFP must require so the fee buys capability |
Consent-governed disclosures | Consent scope binding, evidence at time of reliance, withdrawal semantics, receipts, and contestation pathways |
Mandate-bound disclosures | Mandate and purpose binding, minimum data points, evidence bundle outputs, and a remedy path that can compel correction and reversal |
Contract-governed disclosures | Contract binding, auditability duties, retention limits, onward disclosure controls, and breach handling evidence |
Attestation issuance and updates | Named custodian, canonical record linkage, correction procedures, and downstream propagation duties |
Status, suspension, revocation | Authority to act, event semantics, propagation obligations, and inspection-ready logs |
Assurance step-up and recovery | Evidence-grade recovery decisions, fraud controls, appeals handling, and reversible outcomes |
A rigorous reference for roles, obligations, and liability in multi-party reliance systems is NIST IR 8149, which keeps procurement language grounded in trust frameworks rather than vendor features.
State fees will rise in places, so the discipline must be explicit
Public offices will revise statutory fees as high-assurance digital operations replace paper-era processes. The legitimacy condition is that state fees rise only where cost and risk rise, and only where remedy is operable.
Statutory fee discipline | What it enforces |
Cost and risk linkage | Fees follow assurance workload, governance overhead, evidence preservation, and remedy readiness, not digitisation convenience |
Essential access protection | Exemptions and caps where credentials are needed to exercise rights or access essential services |
Transparency and contestability | Fee schedules map to transaction classes and publish dispute routes and decision timelines |
Correction and reversal readiness | A fee is charged only where the state can suspend effect, correct records, and reverse outcomes in practice |
This is how the argument closes as sovereignty, not revenue protection, consistent with Digital sovereignty through sequence.
DPI still needs baseline operating funding
Fee migration does not remove the need for baseline DPI operating funding. If DPI rails degrade, auditability and reversibility fail, and the priced transaction economy becomes unstable.
This position aligns with public-sector governance literature that treats DPI as sustained capability, for example the OECD work on digital public infrastructure for digital governments and operational guidance such as the World Bank ID4D Guide.
DPI capability | Why it must be baseline-funded even in a priced ecosystem |
Evidence-grade event logging | Underpins auditability and remedy for all DPF transactions |
Correction and revocation reach | Prevents persistent bad state and systemic reliance errors |
Resilience and continuity | Maintains trust under failure modes and crisis operations |
Oversight and remedy operations | Keeps lawful compellability real, not aspirational |
Decision rule
Fees will migrate from paper attestations into priced trust transactions.
Governments should govern this migration by funding DPI as an always-on rail, constituting consent lifecycle management and attestation lifecycle management as DPFs, and standardising transaction classes across procurement and statutory fee schedules.
Only charge for trust transactions that are attributable, auditable, and reversible.
FAQ
What changes in government fee models when paper attestations become digital trust transactions?
Fees shift from paper artefacts and counter steps into priced lifecycle events for attestations, identification, authentication, consent, and signatures. These prices are commonly defined in procurement and statutory fee schedules, then recovered through relying-party and service-provider pass-through.
How does a use case agnostic wallet fit alongside data exchange platforms and direct APIs?
A wallet can front multiple use cases as a natural-person-facing interaction surface, while the underlying data movement may still occur through data exchange platforms or direct APIs depending on which organisations are exchanging data and which governance basis applies. Consent is a governed component invoked where the legal basis requires natural-person control, independent of the channel used.
How can governments charge per use without pricing adoption into failure?
Charge where the fee buys assurance, evidence, correction reach, and remedy readiness, typically high-assurance and exception-heavy lifecycle events and relying-party compliance duties. Avoid charging routine reuse where the fee buys no additional lawful capability.
What is the attributable, auditable, reversible rule and why does it matter?
A trust transaction is chargeable only if an accountable institution can be compelled to act, evidence-grade records exist for audit, and oversight can correct and reverse outcomes with downstream propagation. This prevents fees from becoming friction tolls.
What should a Request for Proposal specify so suppliers cannot invent opaque tolls?
It should define trust transaction classes, price drivers, required evidence outputs, correction and reversal obligations, and measurable service levels so pricing follows lifecycle workload and liability rather than integration convenience.
How do DPI, DPF, and DPS help ministries decide what to fund and what to price?
Baseline-fund DPI rails for resilience, logging, and correction reach. Price DPF lifecycles where outcomes meet the attributable, auditable, reversible rule. Keep DPS focused on receipts, timelines, and routing contested cases rather than creating fragmented fee chokepoints.
